Input validation error in Cisco Systems, Inc Client/Desktop applications

#VU87522 Input validation error in Cisco Systems, Inc Client/Desktop applications

Published: 2024-03-14

Vulnerability identifier: #VU87522

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20318

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Layer 2 Ethernet services. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco IOS XR: 7.8 - 7.10

IOS XRd vRouter: All versions

Cisco IOS XRv 9000 Router: All versions

Cisco ASR 9000 Series Aggregation Services Routers: All versions

Cisco ASR 9006 Router: All versions

Cisco ASR 9010 Router: All versions

Cisco ASR 9901 Router: All versions

Cisco ASR 9902 Router: All versions

Cisco ASR 9903 Router: All versions

Cisco ASR 9904 Router: All versions

Cisco ASR 9906 Router: All versions

Cisco ASR 9910 Router: All versions

Cisco ASR 9912 Router: All versions

Cisco ASR 9922 Router: All versions

External links
http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Cisco IOS XR Software